TransUnion's Job Applicant Privacy Notice
What We'll Bring:
The TransUnion Cyber Security program seeks an application security consultant to help identify and mitigate application security vulnerabilities. This resource will serve on TransUnion’s application security team, where they’ll perform core services that are essential to securing TransUnion’s business. The application security consultant should be well versed in multiple security domains with an emphasis on static code analysis and the ability to perform code reviews.
Senior Information Security Consultant
About TransUnion:
TransUnion is a global information and insights company which provides solutions that help create economic opportunity, great experiences and personal empowerment for hundreds of millions of people in more than 30 countries. We call this Information for Good®.
TransUnion is a major credit reference agency and we offer specialist services in fraud, identity and risk management, automated decisioning and demographics. We support organisations across a wide variety of sectors including finance, retail, telecommunications, utilities, gaming, government and insurance.
We’re looking for a Senior Consultant to join our growing Information Security team. This role is a key member of the TU UK Security Team and reports into the UK Information Security Manager. The ideal candidate will have a strong technical security background, be able to work collaboratively and pragmatically with stakeholders from across the business and will possess a strong delivery mindset. They need to be willing and able to undertake multiple projects and prioritise them appropriately using their own initiative. The role provides fantastic opportunities to work across multiple security disciplines, with huge potential for individual growth and development.
What You'll Bring:
Remediation validations against prior findings
Semi-automated code reviews
Static code analysis
Software composition analysis
Interactive application security testing (IAST) analysis
Consult with developers and architects on secure development
Work with application teams to communicate vulnerabilities, provide remediation guidance, demonstrate issues and work with developers to remediate and mitigate risks
Work on and track tasks via TU’s ticketing system
Provide metrics related to your work on a bi-monthly basis
Help build and improve operational processes
Familiar with AWS/GCP and other cloud technologies
Stay up to date on application security attack vectors and risks
Ability to automate repetitive tasks
Impact You'll Make:
Requirements/Skills/Qualification
5 - 10yrs relevant experience
Experience in multiple areas of Information Security
Extensive experience in web application security testing
Extensive experience in application security
Experience in performing secure code reviews (both automated and manual)
Familiar with OWASP Top 10
Familiar with development methodologies
Experience with one or more programming languages
Ability to automate repeatable tasks
Strong verbal and written communication skills
We’d love to see:
Development experience
Experience working in large enterprises
Familiarity or experience with CI/CD pipelines and Agile methodologies
Experience working with AWS and cloud platforms
One or more of the following certifications (or similar): GPEN, GWAPT, GWEB, OSCP, CISSP, eCPPT, etc.
Familiarity with tools such as Veracode, Checkmarx, Fortify, Burp, IBM AppScan, and BlackDuck
It is a requirement of the Global Capability Centre Africa that you reside in a home that is fibre ready; and has space for you to be able to work comfortably and confidentially on a day-to-day basis for the purpose of your proposed employment. You can be based anywhere in South Africa and will not be able to work in a location outside of South Africa.
A Minimum of a 100 Meg Fibre line is required, should you be successful, you will need to upgrade your line in order to work effectively.
If you haven't heard from us for 3 weeks, please consider your application unsuccessful.
This is a remote position which may require occasional in-person attendance at work-related events at the discretion of management.
TransUnion Job Title
Sr Consultant, Information Security